Managing access control policy condition performance
When you define an access control policy condition, use the relationship that gives the best performance for your data profile.
Consider the following performance factors when you define an access control policy condition.
- For policy conditions that use the All of and One of relationships, ensure that the Column source properties are optimized and included in returnable form in the custom search properties that are stored in the search index.
- Test the performance of your conditions by using realistic data. Pega Platform evaluates your filter by using database queries or Elasticsearch, depending on the report definition. Different relationships perform differently, depending on the filter and data profiles.
- For best performance when comparing a scalar value to a comma-delimited list of values,
use the Is equal relationship.
However, if the number of comparison values in the Is equal relationship(s) in your policies is very large, queries against the database or the Elasticsearch index might generate error messages, because these data stores restrict the number of terms allowed in queries. The error message explains the cause of the problem.
When using database queries for Is equal, Pega Platform generates SQL statements with IN clauses, which your database might limit. You should identify this limit for your database, and use the One of relationship if you expect the limit to be exceeded in your application.
When using Elasticsearch for Is equal, about 1,000 comparisons are allowed by default. If you exceed this limit, you can either use One of, or increase the limit by updating the dynamic system setting indexing/distributed/search_maxclausecount.